from mailu import models, utils
from mailu.internal import internal
from flask import current_app as app
import flask
import idna
import re
import srslib
@internal.route("/postfix/dane/<domain_name>")
def postfix_dane_map(domain_name):
    """Answer 'dane-only' for domains that utils.has_dane_record() accepts.

    Responds with the JSON string 'dane-only' when the helper returns a
    truthy value for *domain_name*, and with 404 otherwise.
    """
    if not utils.has_dane_record(domain_name):
        return flask.abort(404)
    return flask.jsonify('dane-only')
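@internal.route("/postfix/domain/<domain_name>")
def postfix_mailbox_domain(domain_name):
    """Tell whether *domain_name* is a domain or alternative in the database.

    Responds with the JSON-encoded ``name`` of the matching models.Domain
    or models.Alternative row, and with 404 when neither exists.
    """
    # Bracketed literals (constructed example: "[192.0.2.1]") are never
    # looked up. The pattern is a raw string so that "\[" reaches the regex
    # engine as written instead of relying on Python's deprecated handling
    # of unknown escapes in ordinary string literals.
    if re.match(r"^\[.*\]$", domain_name):
        return flask.abort(404)
    domain = models.Domain.query.get(domain_name) or \
        models.Alternative.query.get(domain_name) or \
        flask.abort(404)
    return flask.jsonify(domain.name)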
@internal.route("/postfix/mailbox/<path:email>")
def postfix_mailbox_map(email):
    """Confirm that *email* identifies an existing user.

    Responds with the JSON-encoded address stored on the models.User row,
    and with 404 when the lookup finds nothing.
    """
    user = models.User.query.get(email)
    if not user:
        flask.abort(404)
    return flask.jsonify(user.email)
@internal.route("/postfix/alias/<path:alias>")
def postfix_alias_map(alias):
    """Resolve *alias* to its comma-separated list of destinations.

    When models.Email.resolve_domain() yields no localpart, only the
    resolved domain name is returned. Otherwise the destinations from
    models.Email.resolve_destination() are joined with ','; an empty or
    missing result is answered with 404.
    """
    local, resolved_domain = models.Email.resolve_domain(alias)
    if local is None:
        # Domain-only key: answer with the resolved domain itself.
        return flask.jsonify(resolved_domain)
    targets = models.Email.resolve_destination(local, resolved_domain)
    if not targets:
        return flask.abort(404)
    return flask.jsonify(",".join(targets))
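@internal.route("/postfix/transport/<path:email>")
def postfix_transport(email):
    """Build the transport string for the relay handling *email*'s domain.

    The relay's ``smtp`` field is parsed as an optional ``mx:`` or ``lmtp:``
    prefix followed by ``host``, ``host:port`` or ``[host]:port``, and is
    rendered as ``<transport>:<host>[:<port>]``.

    Responds 404 for the wildcard key ``*``, for bracketed address literals
    and for domains without a models.Relay row. Responds 400 when the
    stored relay target cannot be turned into a well-formed transport.
    """
    # Raw string: "\[" must reach the regex engine as written rather than
    # depend on Python's deprecated handling of unknown string escapes.
    if email == '*' or re.match(r"(^|.*@)\[.*\]$", email):
        return flask.abort(404)
    _, domain_name = models.Email.resolve_domain(email)
    relay = models.Relay.query.get(domain_name) or flask.abort(404)
    target = relay.smtp.lower()
    port = None
    use_lmtp = False
    use_mx = False
    # strip prefixes mx: and lmtp:
    if target.startswith('mx:'):
        target = target[3:]
        use_mx = True
    elif target.startswith('lmtp:'):
        target = target[5:]
        use_lmtp = True
    # split host:port or [host]:port
    if target.startswith('['):
        if use_mx or ']' not in target:
            # invalid target (mx: and [] or missing ])
            flask.abort(400)
        host, rest = target[1:].split(']', 1)
        if rest.startswith(':'):
            port = rest[1:]
        elif rest:
            # invalid target (rest should be :port)
            flask.abort(400)
    else:
        if ':' in target:
            host, port = target.rsplit(':', 1)
        else:
            host = target
    # default for empty host part is mx:domain
    if not host:
        if not use_lmtp:
            host = relay.name.lower()
            use_mx = True
        else:
            # lmtp: needs a host part
            flask.abort(400)
    # detect ipv6 address or encode host
    # NOTE(review): any host containing ':' is passed through as an IPv6
    # literal without further validation, and an unbracketed IPv6 target is
    # split at its last ':' by the rsplit above. Confirm that relay.smtp is
    # validated where it is stored.
    if ':' in host:
        host = f'ipv6:{host}'
    else:
        try:
            host = idna.encode(host).decode('ascii')
        except idna.IDNAError:
            # invalid host (fqdn not encodable)
            flask.abort(400)
    # validate port
    if port is not None:
        try:
            port = int(port, 10)
        except ValueError:
            # invalid port (should be numeric)
            flask.abort(400)
        # int() also accepts signed and arbitrarily large values; only a
        # real TCP port may end up in the transport string.
        if not 0 < port < 65536:
            flask.abort(400)
    # create transport
    transport = 'lmtp' if use_lmtp else 'smtp'
    # use [] when not using MX lookups or host is an ipv6 address
    if host.startswith('ipv6:') or (not use_lmtp and not use_mx):
        host = f'[{host}]'
    # create port suffix
    port = '' if port is None else f':{port}'
    return flask.jsonify(f'{transport}:{host}{port}')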
@internal.route("/postfix/recipient/map/<path:recipient>")
def postfix_recipient_map(recipient):
    """Rewrite the envelope recipient if it is a valid SRS address.

    This lets bounces travel back to the original sender. The reversal is
    done by an srslib.SRS instance keyed with the application's srs_key.
    Recipients that are not SRS addresses, and any srslib.Error raised
    while reversing one, are answered with 404.
    """
    rewriter = srslib.SRS(flask.current_app.srs_key)
    if not srslib.SRS.is_srs_address(recipient):
        return flask.abort(404)
    try:
        original = rewriter.reverse(recipient)
    except srslib.Error:
        # The address could not be reversed: report "no rewrite".
        return flask.abort(404)
    return flask.jsonify(original)
@internal.route("/postfix/sender/map/<path:sender>")
def postfix_sender_map(sender):
    """Rewrite the envelope sender when the mail was not emitted by us.

    This makes bounces come back along the reverse path. Senders whose
    domain has a models.Domain row are left alone (404); every other sender
    is rewritten with srslib's forward() towards the configured DOMAIN.
    """
    rewriter = srslib.SRS(flask.current_app.srs_key)
    own_domain = flask.current_app.config["DOMAIN"]
    try:
        _, sender_domain = models.Email.resolve_domain(sender)
    except Exception:
        # Any failure to resolve the sender is answered as "no rewrite".
        return flask.abort(404)
    is_local = models.Domain.query.get(sender_domain)
    if is_local:
        return flask.abort(404)
    return flask.jsonify(rewriter.forward(sender, own_domain))
@internal.route("/postfix/sender/login/<path:sender>")
def postfix_sender_login(sender):
    """List the entries associated with *sender*, joined with ','.

    The entries configured in WILDCARD_SENDERS (lower-cased, spaces removed,
    empty items dropped) are appended to the result for every sender, so
    that setting widens every answer and should be kept as short as
    possible. An empty result is answered with 404.
    """
    configured = flask.current_app.config.get('WILDCARD_SENDERS', '')
    wildcards = list(filter(None, configured.lower().replace(' ', '').split(',')))
    local, resolved_domain = models.Email.resolve_domain(sender)
    if local is None:
        # Domain-only key: only the wildcard entries can apply.
        if not wildcards:
            return flask.abort(404)
        return flask.jsonify(",".join(wildcards))
    resolved = models.Email.resolve_destination(local, resolved_domain, True)
    allowed = [*(resolved or []), *wildcards]
    if not allowed:
        return flask.abort(404)
    return flask.jsonify(",".join(allowed))
@internal.route("/postfix/sender/rate/<path:sender>")
def postfix_sender_rate(sender):
    """Rate limit outbound emails per sender login.

    Unknown senders get 404. For a known user, a truthy
    user.sender_limiter.hit() also yields 404 (no restriction returned);
    otherwise the 450 temporary-failure text is returned as JSON.
    """
    user = models.User.get(sender)
    if not user:
        flask.abort(404)
    if user.sender_limiter.hit():
        return flask.abort(404)
    return flask.jsonify("450 4.2.1 You are sending too many emails too fast.")
@internal.route("/postfix/sender/access/<path:sender>")
def postfix_sender_access(sender):
    """Reject any sender that pretends to be from a local domain.

    Void (null) senders are never rejected here. For every other sender the
    JSON string "REJECT" is returned when its domain has a models.Domain
    row, and 404 otherwise.
    """
    if is_void_address(sender):
        return flask.abort(404)
    _, sender_domain = models.Email.resolve_domain(sender)
    if models.Domain.query.get(sender_domain):
        return flask.jsonify("REJECT")
    return flask.abort(404)
def is_void_address(email):
    """Return True if *email* is a void (null) email address.

    One pair of surrounding angle brackets is stripped first. Whatever is
    left counts as void when it contains no '@'.
    """
    bracketed = email.startswith('<') and email.endswith('>')
    address = email[1:-1] if bracketed else email
    # Some MTAs send things like '<MAILER-DAEMON>' instead of '<>', so any
    # value without an '@' is treated as void.
    return '@' not in address